Cleanup
This commit is contained in:
hwdsl2
parent
d18801452d
commit
f8f97e014a
22
vpnsetup.sh
22
vpnsetup.sh
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on Ubuntu LTS and Debian.
|
# Script for automatic setup of an IPsec VPN server on Ubuntu and Debian.
|
||||||
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
|
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
@ -117,12 +117,9 @@ case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ -n "$VPN_DNS_SRV1" ] && ! check_ip "$VPN_DNS_SRV1"; then
|
if { [ -n "$VPN_DNS_SRV1" ] && ! check_ip "$VPN_DNS_SRV1"; } \
|
||||||
exiterr "DNS server 'VPN_DNS_SRV1' is invalid."
|
|| { [ -n "$VPN_DNS_SRV2" ] && ! check_ip "$VPN_DNS_SRV2"; } then
|
||||||
fi
|
exiterr "The DNS server specified is invalid."
|
||||||
|
|
||||||
if [ -n "$VPN_DNS_SRV2" ] && ! check_ip "$VPN_DNS_SRV2"; then
|
|
||||||
exiterr "DNS server 'VPN_DNS_SRV2' is invalid."
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -x /sbin/iptables ] && ! iptables -nL INPUT >/dev/null 2>&1; then
|
if [ -x /sbin/iptables ] && ! iptables -nL INPUT >/dev/null 2>&1; then
|
||||||
@ -390,8 +387,8 @@ fi
|
|||||||
|
|
||||||
bigecho "Updating IPTables rules..."
|
bigecho "Updating IPTables rules..."
|
||||||
|
|
||||||
IPT_FILE="/etc/iptables.rules"
|
IPT_FILE=/etc/iptables.rules
|
||||||
IPT_FILE2="/etc/iptables/rules.v4"
|
IPT_FILE2=/etc/iptables/rules.v4
|
||||||
ipt_flag=0
|
ipt_flag=0
|
||||||
if ! grep -qs "hwdsl2 VPN script" "$IPT_FILE"; then
|
if ! grep -qs "hwdsl2 VPN script" "$IPT_FILE"; then
|
||||||
ipt_flag=1
|
ipt_flag=1
|
||||||
@ -429,8 +426,8 @@ fi
|
|||||||
|
|
||||||
bigecho "Enabling services on boot..."
|
bigecho "Enabling services on boot..."
|
||||||
|
|
||||||
IPT_PST="/etc/init.d/iptables-persistent"
|
IPT_PST=/etc/init.d/iptables-persistent
|
||||||
IPT_PST2="/usr/share/netfilter-persistent/plugins.d/15-ip4tables"
|
IPT_PST2=/usr/share/netfilter-persistent/plugins.d/15-ip4tables
|
||||||
ipt_load=1
|
ipt_load=1
|
||||||
if [ -f "$IPT_FILE2" ] && { [ -f "$IPT_PST" ] || [ -f "$IPT_PST2" ]; }; then
|
if [ -f "$IPT_FILE2" ] && { [ -f "$IPT_PST" ] || [ -f "$IPT_PST2" ]; }; then
|
||||||
ipt_load=0
|
ipt_load=0
|
||||||
@ -494,14 +491,11 @@ fi
|
|||||||
|
|
||||||
bigecho "Starting services..."
|
bigecho "Starting services..."
|
||||||
|
|
||||||
# Reload sysctl.conf
|
|
||||||
sysctl -e -q -p
|
sysctl -e -q -p
|
||||||
|
|
||||||
# Update file attributes
|
|
||||||
chmod +x /etc/rc.local
|
chmod +x /etc/rc.local
|
||||||
chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
|
chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
|
||||||
|
|
||||||
# Restart services
|
|
||||||
mkdir -p /run/pluto
|
mkdir -p /run/pluto
|
||||||
service fail2ban restart 2>/dev/null
|
service fail2ban restart 2>/dev/null
|
||||||
service ipsec restart 2>/dev/null
|
service ipsec restart 2>/dev/null
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6, 7 and 8.
|
# Script for automatic setup of an IPsec VPN server on CentOS/RHEL 6-8.
|
||||||
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
|
# Works on any dedicated server or virtual private server (VPS) except OpenVZ.
|
||||||
#
|
#
|
||||||
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
# DO NOT RUN THIS SCRIPT ON YOUR PC OR MAC!
|
||||||
@ -50,7 +50,7 @@ check_ip() {
|
|||||||
vpnsetup() {
|
vpnsetup() {
|
||||||
|
|
||||||
if ! grep -qs -e "release 6" -e "release 7" -e "release 8" /etc/redhat-release; then
|
if ! grep -qs -e "release 6" -e "release 7" -e "release 8" /etc/redhat-release; then
|
||||||
echo "Error: This script only supports CentOS/RHEL 6, 7 and 8." >&2
|
echo "Error: This script only supports CentOS/RHEL 6-8." >&2
|
||||||
echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2
|
echo "For Ubuntu/Debian, use https://git.io/vpnsetup" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -106,12 +106,9 @@ case "$VPN_IPSEC_PSK $VPN_USER $VPN_PASSWORD" in
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ -n "$VPN_DNS_SRV1" ] && ! check_ip "$VPN_DNS_SRV1"; then
|
if { [ -n "$VPN_DNS_SRV1" ] && ! check_ip "$VPN_DNS_SRV1"; } \
|
||||||
exiterr "DNS server 'VPN_DNS_SRV1' is invalid."
|
|| { [ -n "$VPN_DNS_SRV2" ] && ! check_ip "$VPN_DNS_SRV2"; } then
|
||||||
fi
|
exiterr "The DNS server specified is invalid."
|
||||||
|
|
||||||
if [ -n "$VPN_DNS_SRV2" ] && ! check_ip "$VPN_DNS_SRV2"; then
|
|
||||||
exiterr "DNS server 'VPN_DNS_SRV2' is invalid."
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
bigecho "VPN setup in progress... Please be patient."
|
bigecho "VPN setup in progress... Please be patient."
|
||||||
@ -174,7 +171,8 @@ else
|
|||||||
REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
|
REPO4='--enablerepo=codeready-builder-for-rhel-8-*'
|
||||||
fi
|
fi
|
||||||
yum "$REPO4" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
|
yum "$REPO4" -y install systemd-devel libevent-devel fipscheck-devel || exiterr2
|
||||||
if systemctl is-active --quiet firewalld.service || grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf; then
|
if systemctl is-active --quiet firewalld.service \
|
||||||
|
|| grep -qs "hwdsl2 VPN script" /etc/sysconfig/nftables.conf; then
|
||||||
use_nft=1
|
use_nft=1
|
||||||
yum -y install nftables || exiterr2
|
yum -y install nftables || exiterr2
|
||||||
else
|
else
|
||||||
@ -382,7 +380,7 @@ net.ipv4.tcp_wmem = 10240 87380 12582912
|
|||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
F2B_FILE="/etc/fail2ban/jail.local"
|
F2B_FILE=/etc/fail2ban/jail.local
|
||||||
if [ ! -f "$F2B_FILE" ]; then
|
if [ ! -f "$F2B_FILE" ]; then
|
||||||
bigecho "Creating basic Fail2Ban rules..."
|
bigecho "Creating basic Fail2Ban rules..."
|
||||||
cat > "$F2B_FILE" <<'EOF'
|
cat > "$F2B_FILE" <<'EOF'
|
||||||
@ -406,8 +404,8 @@ fi
|
|||||||
|
|
||||||
bigecho "Updating IPTables rules..."
|
bigecho "Updating IPTables rules..."
|
||||||
|
|
||||||
IPT_FILE="/etc/sysconfig/iptables"
|
IPT_FILE=/etc/sysconfig/iptables
|
||||||
[ "$use_nft" = "1" ] && IPT_FILE="/etc/sysconfig/nftables.conf"
|
[ "$use_nft" = "1" ] && IPT_FILE=/etc/sysconfig/nftables.conf
|
||||||
ipt_flag=0
|
ipt_flag=0
|
||||||
if ! grep -qs "hwdsl2 VPN script" "$IPT_FILE"; then
|
if ! grep -qs "hwdsl2 VPN script" "$IPT_FILE"; then
|
||||||
ipt_flag=1
|
ipt_flag=1
|
||||||
@ -490,19 +488,15 @@ fi
|
|||||||
|
|
||||||
bigecho "Starting services..."
|
bigecho "Starting services..."
|
||||||
|
|
||||||
# Restore SELinux contexts
|
restorecon /etc/ipsec.d/*db >/dev/null
|
||||||
restorecon /etc/ipsec.d/*db >/dev/null 2>&1
|
restorecon /usr/local/sbin -Rv >/dev/null
|
||||||
restorecon /usr/local/sbin -Rv >/dev/null 2>&1
|
restorecon /usr/local/libexec/ipsec -Rv >/dev/null
|
||||||
restorecon /usr/local/libexec/ipsec -Rv >/dev/null 2>&1
|
|
||||||
|
|
||||||
# Reload sysctl.conf
|
|
||||||
sysctl -e -q -p
|
sysctl -e -q -p
|
||||||
|
|
||||||
# Update file attributes
|
|
||||||
chmod +x /etc/rc.local
|
chmod +x /etc/rc.local
|
||||||
chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
|
chmod 600 /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ipsec.d/passwd*
|
||||||
|
|
||||||
# Apply new IPTables rules
|
|
||||||
if [ "$use_nft" = "1" ]; then
|
if [ "$use_nft" = "1" ]; then
|
||||||
nft -f "$IPT_FILE"
|
nft -f "$IPT_FILE"
|
||||||
else
|
else
|
||||||
@ -517,7 +511,6 @@ if [ "$os_ver" != "6" ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Restart services
|
|
||||||
mkdir -p /run/pluto
|
mkdir -p /run/pluto
|
||||||
modprobe -q pppol2tp
|
modprobe -q pppol2tp
|
||||||
service fail2ban restart 2>/dev/null
|
service fail2ban restart 2>/dev/null
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user